Identity Breach Statistics: Over 70% of Organizations Affected

Post Views: 4

The True Headline: More Than 70 Percent of Organizations Hit by Identity Breaches, Survey Finds

A recent survey conducted by Sophos has revealed alarming statistics regarding the prevalence of identity breaches within organizations.

According to the survey, over 70 percent of organizations have been affected by at least one identity-related breach within the past 12 months.

Switzerland, Mexico, and Italy recorded the highest breach rates among the surveyed countries, while Germany, Colombia, and Japan reported the lowest rates, although even these countries still saw breach rates exceeding 60 percent.

Vulnerable Sectors:

The energy, oil and gas, utilities, and federal government sectors were particularly vulnerable to identity breaches.

Interestingly, smaller companies were less likely to detect attacks, increasing the risk of severe consequences. However, there were some sectors that performed better than others in terms of detecting and responding to identity breaches. Healthcare, for example, demonstrated a stronger ability to detect and respond to threats due to regulatory pressures to invest in threat monitoring.

Ransomware Connection:

Two-thirds of organizations hit by ransomware stated that the incident was connected to their most significant identity attack, indicating that identity compromise serves as a primary ransomware delivery mechanism.

Organizations that failed to stop a major identity attack suffered significant financial and operational damage, with an average of two major consequences per firm. Data theft, ransomware, and fraud or stolen funds were among the common consequences faced by these organizations.

Causes of Identity Attacks:

An average of two root causes contributed to each identity-based attack, with weak human identity management being the most common reason organizations fell victim to attacks.

The global mean recovery cost for organizations hit by identity breaches was $1,637,363, with the median cost being $750,000. Furthermore, organizations with weak non-human identity management were 22 percent more likely to experience financial theft and 24.4 percent more likely to encounter extortion, leading to significantly higher recovery costs from identity breaches.

Prevention Measures:

Real-time monitoring was the most common identity management activity performed by firms, yet many companies checked for unusual login attempts no more than once every three months.
Only 34.3 percent of organizations rotated and audited non-human identities (NHIs) weekly or more often, while 11.1 percent did so continually.

These findings emphasize the importance of robust identity management practices, including regular monitoring and rotation of non-human identities, to prevent identity breaches and mitigate potential consequences.